DNS Security Analyzer

Check your domain's email security configuration (SPF, DKIM, DMARC)

Enter a domain like example.com

What is Email Security?

Email authentication protocols (SPF, DKIM, DMARC) work together to prevent email spoofing and phishing attacks. Without these, attackers can easily send emails that appear to come from your domain.

SPF

Specifies which mail servers can send email for your domain. Receivers check if the sending server is authorized.

DKIM

Adds a digital signature to emails that receivers can verify using a public key in your DNS.

DMARC

Tells receivers what to do with emails that fail SPF/DKIM checks, and sends you reports.

What We Check

  • SPF record presence and validity
  • DMARC policy and configuration
  • DKIM records for common selectors
  • MX records for email receiving
  • CAA records for certificate control
  • DNSSEC status

Frequently Asked Questions

SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are authorized to send email on behalf of your domain. Without SPF, attackers can easily forge emails that appear to come from your domain (spoofing).

DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving mail servers what to do with emails that fail SPF or DKIM checks. The recommended policy is 'reject' which blocks fraudulent emails, though you should start with 'none' for monitoring before moving to stricter policies.

DKIM setup involves generating a public/private key pair, publishing the public key in DNS, and configuring your mail server to sign outgoing emails with the private key. Most email providers like Google Workspace and Microsoft 365 have built-in DKIM configuration options.